Self-driving cars and open source – what about GPLv3 and anti-tivoization?

Every year in April, I, Martin von Haller, participate in the FSFE[1] European Legal conference, a conference where open source legal nerds from universities, law firms and private companies meet to discuss the latest trends within open source licenses and the related legal challenges. The network is a neutral, impartial and private forum facilitated by the Free Software Foundation Europe.

Over the course of the summer, I will write 4-5 blog entries on issues from the latest FSFE European Legal Networks conference, held this year in Barcelona. The blog entries aim to provide the reader with an insight into the current open source trends from a legal and a license perspective.

Self-driving cars and open source

Is it possible to imagine that the self-driving cars of tomorrow will have a Linux operating system? Of course it is. Open source software is the foundation for almost all new developments within both old and new industries. There are many explanations as to why this is: open innovation, collective payment of development costs and so on. But what about the security question? For the car industry, it is of paramount importance that the underlying IT systems work. A computer crash does not merely require a reboot of the computer; potentially, it could end in death and destruction.

Will the use of open source in the car industry entail increased security? Would it not be possible to create more secure solutions which all car producers could apply and jointly improve upon, thereby limiting their expenses while at the same time developing their own unique qualities? Potentially, thoroughly tested software would make lawmakers’ lives a lot easier when legislating about questions such as legal responsibility and general security. The question is whether all the scandals in the car industry, e.g. false tests for gas emissions, could have been avoided if the software had been open source.

Anti-tivoization

In the past five years, the car industry has increasingly used FOSS[2]. However, the use of FOSS has almost exclusively been aimed at user services such as navigation and entertainment systems. In particular, the car manufacturers have been strongly against using software released under the General Public License version 3 (GPLv3). The opposition is caused by the so-called “anti-tivoization” clause in section 6 of GPLv3 (to read more about the background of this clause, please follow this link: http://bit.ly/1tqFSKc).

Many car manufacturers are using hardware (that is, their cars) that prevents the users from running modified versions of the manufacturers’ software. The above-mentioned clause in GPLv3 prohibits manufacturers from building such restrictions into their hardware if they are using GPLv3 software in the systems running on the hardware. The car manufacturers refrain from using GPLv3 software because the license obliges them to put installation information at the disposal of the users, which allows the users to install and run their own modified versions of the manufacturers’ software.

Security concerns?

Primarily, the car manufacturers say that their dislike of the GPLv3 software is due to security issues. According to them, it should not be possible for the car owners to modify the software of the car because this could lead to exposing the users themselves and other road users to danger.

In the light of the above, it seems reasonable to question whether security considerations are actually the true reason for the car manufacturers not wanting the users to run their own software on the cars’ hardware.

For many years, car owners have replaced parts of their cars, e.g. tires, brakes and even software – which is supported by the car industry.

To give an example, there is a large market for the replacement or modification (“remapping”) of the software of cars’ Engine Control Units (“ECUs”). The ECUs are computers that control the car’s engine, including fuel mix, fuel supply and gearing.

The car industry takes advice and uses data from companies which offer ECU remapping, and thereby indirectly supports those companies although, according to the car industry, changes to the engine allegedly can pose a security risk.

Another aspect of the matter is that it is not completely true that the clause in GPLv3 absolutely prohibits the car manufacturers from forbidding the users to run their own software on the hardware of the cars. Section 7 of GPLv3 makes it possible for the creators of GPL programs to give the car manufacturers an extra license under which it is possible to use the GPLv3 software in their cars without having to comply with the aforementioned obligation to provide the installation information to the users of the cars.

The way the system works now, the car industry allows modifications of cars which may cause a loss of security. It is possible to develop GPLv3 software that the car manufacturers can use without having to allow the car owners’ modifications. Furthermore, it is only GPLv3, and not other FOSS licenses, which on a general level forces the car manufacturers to allow modifications of their software.

The question of the security level of the cars should hardly be a hindrance to the use of FOSS in self-driving cars. If the car manufacturers could realize this, the many advantages of freely available source code could clear the way for the technology generally being adopted faster.

Read more on the use of GPLv3 in the car industry in the article “Driven to Tears – GPLv3 and Automotive Industry” (link: http://bit.ly/1tqOmB8).

Thank you to law student Victor Emil Clausen for his contribution to this article.

Martin is recognised for his solid legal skills and as an innovative thought leader and strategist within the IT industry. He is a partner in Bird & Bird's International Tech and Comms Group and is based in Denmark. Martin is one of Denmark’s leading IT lawyers with almost 20 years’ experience of advising Danish and international organisations, including large blue chip companies on legal and commercial matters in connection with IT in a wide sense. He is considered a pioneer with respect to legal aspects of Online Technology Solutions (Ecommerce, internet and web services), Cyber and IT security, open source and open data and use of other open licence forms such as Creative Commons.